RecFaces GDPR practice. How to properly work with personal data and not be afraid

What is GDPR?
GDPR (General Data Protection Regulation) is a European Union regulation governing the protection of personal data of persons residing in the European Union; it also applies to the export of data from the EU.
Read more about GDPR in our article ‘What Is GDPR? Understanding General Data Protection Regulation’.
In this article, we will explain how RecFaces solutions comply with GDPR standards and why you should not be afraid to work with personal data.
RecFaces in the GDPR system
According to the results of the international legal audit, RecFaces is neither a processor, since it does not process any personal data using the software, nor a supervisor (the role the GDPR calls a data controller), since it does not collect user data.
When working with RecFaces software, the personal data supervisor is the user of the solution (the client), and accordingly it is the client's responsibility to comply with the GDPR standards. RecFaces has studied and understands the specifics of the GDPR and is ready to help end users and partners: we have prepared templates for the necessary documents, such as the personal data policy and the consent to the processing of personal data, to help regulate a company's internal procedures for GDPR compliance. For our part, as software developers, we guarantee data security when developing and implementing our application, in order to make it easier for supervisors to comply with the GDPR. At the same time, the user of the solution must comply with all the rules prescribed in the GDPR. You can read the GDPR requirements in this article.
Why shouldn't you be afraid of working with GDPR, and how does it help you when using RecFaces solutions?
With the entry into force of the GDPR in 2018, working with personal data has become much easier, so the client gets a number of conveniences and opportunities when using the RecFaces software, such as:
- According to Article 5, Part 1 of the GDPR, there is no need to collect data beyond what is needed for processing. It is therefore the customer who determines what data is received for processing, which makes it possible to minimize the amount of data and gives the client full control over the processed data;
- The user of the solution determines how long the collected personal data can be processed, and the software can be configured so that the client receives an alert when this time period expires, which also gives the client more control over data processing;
- The system allows the user to determine the number of users who have access to the data, which increases the security of the client's data;
- When a data subject exercises their rights (the right to correct personal data, to have it deleted, etc.), which they may require of the supervisor, RecFaces solutions can be configured at the client's request to facilitate these procedures, and restrictions on the processing of such data can also be configured.
When working with RecFaces solutions, the user is always protected, because:
- RecFaces solutions are installed on the customer's infrastructure. The system can be deployed in an environment isolated from the Internet. Thus, the customer controls the operation of the solution;
- If the solution is installed on a server with an Internet connection, data exchange between the server and the client application is carried out over a secure HTTPS connection. The system does not require communication with internal RecFaces systems, that is, it works completely independently of them;
- The data is stored in the database on the server. Photos are stored in a depersonalized form, without reference to personal data (for example, to the full name), so RecFaces meets the requirements of the GDPR;
- RecFaces systems implement mechanisms for encrypting critical data. The system can encrypt photos according to the AES-256 standard.
What documents may you need if you fall under the GDPR, and why do you need them?
- Personal Data Management Policy. This document defines what personal data is, how and why it will be processed, and how and where it can be sent (for example, sending data abroad or storing it strictly at the place of deployment of the solution). This document also sets out the entire legal framework under which all operations with personal data are carried out, and explains the rights of the client.
- Consent to the processing of personal data. This document explains for what purposes the client's data will be used, as well as how and where it will be stored, and where it can be sent. This document serves as confirmation of the agreement to the processing of personal data.
All RecFaces solutions help users comply with the GDPR, so their use is absolutely safe and secure. For a better understanding of working with our product, we invite you to participate in training on working with our biometric line of solutions. You can view the course schedule here: https://recfaces.com/training
For further information on buying or receiving a demo version of our solutions, you can contact us by email at sales@recfaces.com